Sessions

Adib Saikali - Broadcom

The playbook for AI agent integration is becoming predictable: build an MCP server, expose your APIs as tools, and define the rules in prompts. That approach works, but it often pushes workflow and guardrails into client-side logic, where they are harder to enforce and easier to bypass.

This talk presents a different approach. HATEOAS (Hypermedia As The Engine Of Application State)—a largely overlooked part of REST—allows an API to describe allowed actions and constraints at runtime. That makes it a natural fit for agents, which need clear, machine-readable guidance about what they can safely do next.

We’ll show this in action with MoneyMate, an AI agent that performs sensitive operations such as money transfers. Using the Spring HATEOAS project, the agent is guided entirely by the API rather than by hardcoded tools or fragile prompt logic.

AI hype aside, this is ultimately a talk about architectural validation. For years, HATEOAS was the hill REST purists loved to die on—complete with finger-wagging about “doing REST correctly”—while everyone else quietly shipped simple JSON and moved on. It turns out the purists weren’t wrong—just 20 years early. Come see why that extra structure finally pays off when your client is an LLM.